fraud_reportswikiaorg-20200214-history
Whois
=Brief Description= When a domain name is registered, the registrant must provide the registrar of the domain name with valid and up-to-date contact information. In theory, by looking up the domain name in any public whois database, anyone is supposed to be able to view this registration information, and thus contact the person or company that owns it. =Detailed description= Whois Information The Whois Export and Exchange Format memo presents details about what elements of a domain must be able to be queried in the whois database as required by ICANN. Note that this memo only applies to TLDs under ICANN control. required information for EPP domains under ICANN jurisdiction 1. Registrar objects. The registrar object corresponds to a single registrar. It includes the following data: Registrar ID (conforming to the IANA registrar-ids registry) Contact ID of Registrar Registrar Administrative Contacts Registrar Technical Contacts Registrar Billing Contacts Registrar URL Registrar Creation Date Registrar Last Updated Date 2. Contact objects. The contact object corresponds to a single contact (whether registrant, administrative, technical or billing contact). The contact object includes the following data: Contact ID Contact Name Contact Organization Contact Address, City, State/Province, Country Contact Postal Code Contact Phone, Fax, E-mail 3. Nameserver (host) objects. A nameserver object corresponds to a single registered nameserver. The nameserver object includes the following data: Name Server ID Name Server Host Name Name Server IP Addresses if applicable Current Registrar Name Server Creation Date Name Server Last Updated Date 4. Domain objects. The domain object corresponds to a single Registered Name. Each domain object includes the following data: Domain ID Domain Name Sponsoring Registrar Domain Status All contact information (including all details) with at least one each of: * Registrant * Administrative * Technical * Billing All nameservers associated with this domain Domain Registration Date Domain Expiration Date Domain Last Updated Date Whois query protocols The whois data must be made visible by clients (registrars) both via the web, and via a Port 43 Whois service. Port 43 Whois service look-up options =Where to look up whois information= Open-source whois clients * Whois for Linux: Download * Gandi.net whois client: Download Information * WP.CGI: Download Information *WhoisCL: Information and download Downloadable whois clients If you use a version of Unix, you can query directly with the whois command. That will thwart those spammers that thought they were clever and made their nameservers reject connections by DNS Stuff. You can also install a command-line version of whois and dig under Windows, or a window-based GUI option Sam Spade for Windows. Locate more whois clients in Spam Links' whois proxy tools list. Online whois look-up websites * DNS Stuff - this is a widely-used tool, which includes a whois look-up function (among many others). Once on their web page, scroll down to get to the whois search engine. It is not necessary to join to use it, but joining offers additional benefits. * iWhois - performs whois look-ups and returns summary or detailed information. It is more limited in range, because it covers very few country level domains (.hk .cd .au .fr etc) More whois sites are listed in Spam Links' whois tools list. International WHOIS sites Use one of these if the whois information doesn't show up using the above methods * DomainWhitePages : http://www.domainwhitepages.com/ * Argentina (ar) : http://www.nic.ar/ * Germany (de) : http://www.denic.de/en/whois/index.jsp * Hong Kong: https://www.hkdnr.hk/whois/whois.jsp * Japan : http://whois.jprs.jp/en/ * Moldovia (md) : http://www.register.md/ * New Zealand (nz) : http://www.dnc.org.nz and * Network Solutions : http://www.networksolutions.com/whois/index.jsp =Exceptions= In some instances the contact information of the registrant is hidden. This can happen if: * The domain name is managed by a registry that has a policy against the public disclosure of contact information if the registrant is a private person. This is notably the case with .eu and .fr ccTLD. * The domain name is registered to a company that in turn grants a license of use to the domain name to their customer. In this case, the contact information of the company is visible in the whois, and not their customer. =Examining Whois Information= Understanding contact details There are two different types of whois contact types: * Person * Organization (company, association...) This difference is known to the registrar, as the whois information is attributed a type. Usually, if the contact is a person, then the fullname field will appear on top, otherwise it will be the orgname field. You may be able to see this as either the "organization name" or "person" in the whois. As there is not necessarily any standard with regards to this, you may need to contact the registrar to request verification. If the whois contact type is an organization, then the organization is the legal title holder. The name that accompanies this is simply the contact person at that organization. The contact person does not have any legal rights to the domain per se, they are just required to perform the function of being an identified contact person. Changing the contact in this event then is not like an owner change and may be done at any time and freely. In privacy-protected whois databases (ex. EURID, AFNIC), if the whois information for a contact is a person, then the information will be hidden. If the information is that of an organization then it will be public. Spammer whois profiles Spammers almost always provide fake registrant information, mainly to avoid prosecution and to hide their real identities. They do this in three ways: * Using randomly-generated contact information that appears to be correct, but is not * Using the contact information of real people or companies, that they have no relation to * Using totally fake information Category:Glossary